1
0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 17:34:18 +03:00

NEWS: mention CVE-2020-25637 in v6.8.0 release notes

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Mauro Matteo Cascella 2020-10-02 13:09:35 +02:00 committed by Ján Tomko
parent c1f3a628d0
commit fdb6a5d79e

View File

@ -27,6 +27,14 @@ v6.9.0 (unreleased)
v6.8.0 (2020-10-01)
===================
* **Security**
* qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c
Clients connecting to the read-write socket with limited ACL permissions
may be able to crash the libvirt daemon, resulting in a denial of service,
or potentially escalate their privileges on the system. CVE-2020-25637.
* **New features**
* xen: Add ``writeFiltering`` attribute for PCI devices